From 165f09d90a7db17ca1a1f7a36997273865ccf671 Mon Sep 17 00:00:00 2001 From: sedrubal Date: Mon, 10 Feb 2025 22:02:52 +0100 Subject: [PATCH] ipa_host: Maintain the host certificates (#9694) * ipa_host: Maintain the host certificates Fix #9693 * Add changelog fragment * Fix changelog message * Fix changelog message again (cherry picked from commit d5add1ed9f3addb4c99f6c3aae9002f033a8e9e7) --- changelogs/fragments/9694-ipa-host-certificate-revoked.yml | 2 ++ plugins/modules/ipa_host.py | 4 ++++ 2 files changed, 6 insertions(+) create mode 100644 changelogs/fragments/9694-ipa-host-certificate-revoked.yml diff --git a/changelogs/fragments/9694-ipa-host-certificate-revoked.yml b/changelogs/fragments/9694-ipa-host-certificate-revoked.yml new file mode 100644 index 0000000000..71dcbb2a17 --- /dev/null +++ b/changelogs/fragments/9694-ipa-host-certificate-revoked.yml @@ -0,0 +1,2 @@ +bugfixes: + - ipa_host - module revoked existing host certificates even if ``user_certificate`` was not given (https://github.com/ansible-collections/community.general/pull/9694). diff --git a/plugins/modules/ipa_host.py b/plugins/modules/ipa_host.py index 791cee91f3..a30f6b1ea2 100644 --- a/plugins/modules/ipa_host.py +++ b/plugins/modules/ipa_host.py @@ -272,6 +272,10 @@ def ensure(module, client): data = {} for key in diff: data[key] = module_host.get(key) + if "usercertificate" not in data: + data["usercertificate"] = [ + cert['__base64__'] for cert in ipa_host.get("usercertificate", []) + ] ipa_host_show = client.host_show(name=name) if ipa_host_show.get('has_keytab', True) and (state == 'disabled' or module.params.get('random_password')): client.host_disable(name=name)